Distributors

If you're a company that makes its own websites and applications, make sure your developers don't do what the Ashley Madison coders did: store sensitive credentials like database passwords, API secrets, authentication tokens or SSL private keys in source code repositories.

Judging by the massive amount of data leaked last month by Impact Team from AshleyMadison.com's owner Avid Life Media (ALM), the hackers gained extensive access to the Canadian company's IT infrastructure.

The ALM data dumps contained customer records and transaction details from the Ashley Madison infidelity website, but also the email database of the company's now-former CEO and the source code for the company's other online dating websites including CougarLife.com and EstablishedMen.com.

A London-based security consultant named Gabor Szathmari has now found evidence that ALM's developers were careless with sensitive credentials, which might have helped attackers once they gained a foothold on the company's network.

"The end result of sensitive data stored in the source code repos is a much more vulnerable infrastructure," Szathmari said Monday in a blog post. "Database credentials, AWS tokens probably made the lateral movement easier for the Impact Team, leading to the full breach of Ashley."

Szathmari advises all companies to remove sensitive credentials from their source code or Wiki pages. Hard-coding such secrets makes it harder to later change them and potentially exposes them to unwanted people when the source code is committed to internal or external repositories.

The problem is so common that Amazon Web Services (AWS) issued a warning about it last year after thousands of AWS secret keys were found in public source code repositories hosted on GitHub.

Channel Deals

Tely HD Pro & Wireless Audiopod

ARN Distributor Directory

ARN Vendor Directory

Slideshows

​Inside the new HP Customer Welcome Centre in Sydney…

HP unveiled its new Customer Welcome Centre (CWC) in Sydney this week, following on more than a year after the vendor opened the doors of its Experience Centre in Melbourne (MEC). The new space offers on-site HP technicians and visiting channel partners the ability to reconfigure equipment and put together tailored solutions based on the needs of individual end clients or target vertical markets. The centre can also be booked by customers and partners for meetings, events, workshops, seminars, and training. Photos by HP.

Zscaler Australia toasts the channel at Xmas drinks

Zscaler recently hosted its partner update and Christmas drinks event in Australia where more than 20 partners attended the event at the QT hotel in the Sydney. The event provided a forum for the company to update its Australian partners on the company's strategy for cloud security in the year ahead. It was also a great opportunity for the company to introduce Sean Kopelke as country manager for A/NZ. The event ended with Christmas drinks and a celebration of momentum gained in 2016.

IN PICTURES: ​Nutanix X Tours

Nutanix recently held two ‘X Tours’, which brought the company’s flagship event .NEXT to Brisbane and Melbourne. Customers and partners got a firsthand look at the new era of IT and exposure to the potential of the Nutanix Enterprise Cloud platform. Both events featured key speakers both from Nutanix and its partners.

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Copyright 2016 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.